A behind-the-scenes look at how cybercriminals carry out attacks inside enterprise networks

By: Chris Morales

June 14, 2017

Vectra AI last week published the 2017 Post-Intrusion Report, which covers the period from January through March. While there are plenty of threat research reports out there, this one offers unique insights about real-world cyber attacks against actual enterprise networks.

Most industry security reports focus on statistics of known threats (exploits and malware families) or give a post-mortem look back at breaches that were successful. The first kind looks at threats that network perimeter defenses were able to block, and the second lists attacks that were missed entirely.

The Post-Intrusion Report offers first-hand analysis of active and persistent attacker behaviors inside the enterprise networks of Vectra customers. It takes a multidisciplinary approach that spans all strategic phases of the attack lifecycle.

Vectra expanded the scope of analysis in its new report by tripling the number of participating customer organizations. Collectively, they consisted of more than 2 million hosts, twice the number of hosts in the previous report.

Perhaps what’s most significant is that Vectra AI reduced over 1.8 million different potential threat behaviors on those 2 million+ hosts down to just 62,000 hosts, with 3,720 hosts tagged as critical and 6,987 tagged as high, enabling security analysts to quickly mitigate the highest-risk threats.

There was a wide variance in the size of the networks analyzed, ranging from the smallest, with a few hundred hosts, to the largest, with more than 300,000. To account for this variance, data was normalized to a network with 1,000 hosts, making it easier to compare the prevalence of threats in a network on a per-capita basis.

A host is defined as any device with an IP address, including IoT devices, smartphones, tablets, laptops, servers and workloads. For example, organizations had an average of 29 hosts with threat detections for every 1,000 hosts. This is a reduction from 841 security events detected per 1,000 hosts, representing a 29x reduction in the number of events requiring investigation and triage.

Vectra would like to thank the organizations that opted in to share metadata that was analyzed for this report. Overall, the trends represent an increase in detections and attacker behaviors, which is cause for concern.

The report also identifies cyber-attack trends related to different industries. Healthcare and education had the most attack behaviors, pointing to openness and exposure. Entertainment and healthcare had the widest range of attacker behaviors. Finance and technology had below-median detection rates due to strong policies and maturity.

In addition, the report explains real-world scenarios that occurred in the time covered. These include ransomware attacks, web applications exploited to exfiltrate gigabytes of data, and a noticeable upswing in IoT botnets.

One of the most underrated but common threats to enterprise organizations in the report is the unintentional insider threat. The accidental loss of key assets like intellectual property and personally identifiable information (PII) carries the same risk as a targeted attack.

Overall, the report points to a trend of increasing cyber-attack activity. As attackers automate and increase the efficiencies of their own technology, there is an urgent need to automate threat detection and incident response to stop attacks faster.

Cybersecurity is an ongoing exercise in operational efficiency. Organizations have limited resources to address unlimited risks, threats and attackers. Network security products must always be evaluated in terms of efficiency as well as their impact on the operational fitness of the organization.

At the same time, there is a global shortage of highly skilled cybersecurity professionals to handle detection and response at any reasonable speed. Consequently, the use of artificial intelligence is essential to augment existing cybersecurity teams so they can detect and respond to threats faster and stay well ahead of attackers.

These are just a few of the noteworthy trends in the report, and we encourage you to download and read the full report.

About the author

Chris Morales

Christopher Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. He has nearly two decades of information security experience in an array of cybersecurity consulting, sales, and research roles. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.